Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Moodle 1.9.x < 1.9.12 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle prior to 1.9.12 are potentially affected by multiple vulnerabilities :

- A security bypass flaw exists in Group/Quiz permissions that could allow a teacher assigned to a particular group to access quiz reports for students in other groups. (MSA-11-0013 / CVE-2011-4288)

- A vulnerability assessment performed by a third party has revealed multiple cross-site scripting (XSS) vulnerabilities. Specifically, these affect URL encoding within the script 'lib/weblib.php'. (MSA-11-0015 / CVE-2011-4290)

Solution

Upgrade to Moodle version 1.9.12 or later.